4 matches found
CVE-2021-30113
CVE-2021-30113 affects Web-School ERP v5.0. A blind XSS vulnerability exists in the Add Events fields (event name and description) where injected JavaScript can be stored and executed when visitors view the event, potentially exfiltrating victim information. The provided sources describe the vuln...
CVE-2021-30112
CVE-2021-30112 affects Web-School ERP v5.0. The vulnerability is a cross-site request forgery (CSRF) in module/core/studentleaveapplication/create where the application fails to validate the CSRF token for POST requests using Guardian privilege, allowing remote creation of a student_leave_applica...
CVE-2021-30111
Web-School ERP 5.0 has a stored XSS vulnerability in the Add Events fields (event name and description). The underlying issue is that injected JavaScript is stored and executed when viewers open the affected events. Exploitation details (payloads, vectors) are not provided in the supplied documen...
CVE-2021-30114
CVE-2021-30114 affects Web-School ERP v5.0. The CSRF vulnerability allows an attacker to induce a voucher payment request via the path module/accounting/voucher/create because the application fails to validate the CSRF token on a POST using admin privileges. Documents consistently describe the is...